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CLAIMS 

1. (currently amended) A method of converting an electronic wallet, 
comprising steps of: 

providing an account, the account a first account type providing a first set 
of services, the first set of services requiring a first level of authentication; 

presenting an accountholder a one-time challenge/response mechanism; 

and 

if the accountholder clears the challenge, converting the account to a 
second account type for all time; 

wherein the second type provides the first set of services plus further 
services associated therewith, the further services requiring at least one further 
level of authentication; 

wherein first account tvpe comprises a thin wallet, the thin wallet 
comprising a record in a subscriber database, and wherein the second account 
tvpe comprises a full wallet, the full wallet comprising a record in a wallet 
database . 



2. (previously presented) The method of Claim 1, wherein the 
challenge/response mechanism requires an accountholder to provide information 
known only to the accountholder. 

3. (original) The method of Claim 2, wherein the step of providing the wallet 
account comprises either of the steps of: 

creating the account when making an initial purchase; and 
creating a record in a subscriber database. 

4. (original) The method of Claim 3, wherein subscribers include subscribers 
to any of: . 

an online service; and 

an ISP (Internet service provider). 
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5. (original) Tlie method of Claim 2, wherein the step of presenting a 
challenge/response mechanism comprises steps of: 

requesting a service from within the account of the first type that is only 
available from within an account of the second type; and 

one time only, prompting the accountholder to provide the information 
known only to the accountholder. 

6. (original) The method of Claim 2, wherein the account comprises an 
electronic wallet, the first type comprising a thin wallet wherein the first set of 
services comprises at least one low-risk task requiring a low security level. 

7. (original) The method of Claim 6, wherein the at least one low-risk task 
comprises any of: 

making purchases not exceeding a predetennined purchase amount; 

making transactions using default account information; and 

making purchases at sites requiring only the first level of authentication. 

8. (original) The method of Claim 6, wherein the second type comprises a full 
wallet and the further rights comprise additional tasks requiring greater security 
than the low level of security. 

9. (original) The method of Claim 8, wherein the additional tasks comprise 
any of: 

editing the default account information; 

editing account preferences; 

making purchases that exceed a predetermined purchase amount; and 
making purchases at sites that require the at least one level of further 
authentication. 
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10. (original) The method of Claim 2, further comprising a step of 
authenticating at the first level to gain access to the first account. 

1 1 . (original) The method of Claim 10, wherein authenticating at the first level 
comprises providing a user ID and a first-level password. 

12. (previously presented) The method of Claim 11, wherein the information 
known only to the account holder comprises at least a portion of a credit card 
number stored in the first account. 

13. (original) The method of Claim 12, further comprising steps of: 

if the accountholder doesn't clear the challenge, allowing a predetermined 
number of attempts to enter the information known only to the account holder; 
and 

if the accountholder fails the predetermined number of attempts, allowing 
the accountholder to provide a new credit card number; and 

presenting a challenge based on the new credit card number. 

14. (original) The method of Claim 2, further comprising steps of: 
configuring the challenge by an account provider, wherein configuring the 

challenge includes: 

specifying information requested by the challenge; and 
specifying a permissible number of response attempts. 

15. (currently amended) The method of Claim 2, wherein the step of 
converting the account comprises steps of: 

creating a said record in a said wallet account database; 

providing notice of a privacy policy; and 

consenting to the privacy policy by the account holder. 



Page 4 of 20 



Application ser, no. 10/690,145 



16. (original) The method of Claim 15, wherein the step of converting the 
account further comprises a step of: 

creating a second-level challenge. 

17. (original) The method of Claim 16, wherein the step of creating a second- 
level challenge comprises any of the steps of: 

setting a second-level password; and 

configuring a security question by the accountholder. 

18. (original) The method of Claim 17, wherein the at least one further level of 
authentication requires any of the steps of: 

providing the second-level password; and 
clearing the security question. 

1 9. (original) The method of Claim 1 8, further comprising a step of: 
providing a user interface accessible only to holders of accounts of the 

second type to edit account information and preferences. 

20. (original) The method of Claim 19, wherein the account information 
comprises any of: 

first name; 

middle initial; 

last name; 

credit card type; 

credit card number; 

credit card expiration date; 

billing address; 

city; 

state; 

postal code; 
country; 
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daytime phone; and 
evening phone. 

21. (cancelled) 

22. (currently amended) The method of Claim 21 , further comprising a step of: 
providing a wallet server, wherein the wallet server comprises a web 

server having a wallet application running thereon, the wallet server operative to 
pull account information from either the subscriber database or the wallet 
database. 

23. (previously presented) A computer program product comprising a tangible 
medium having computer readable code embodied thereon, the computer code 
including program code means for performing a method of converting an 
electronic wallet, the method comprising steps of: 

providing an account, the account a first account type providing a first set 
of services, the first set of services requiring a first level of authentication; 

presenting an accountholder a one-time challenge/response mechanism; 

and 

if the accountholder clears the challenge, converting the account to a 
second account type for all time; 

wherein the second type provides the first set of services plus further 
services associated therewith, the further services requiring at least one further 
level of authentication; 

wherein first account type comprises a thin wallet, the thin wallet 
comprising a record in a subscriber database, and wherein the second account 
type comprises a full wallet, the full wallet comprising a record in a wallet 
database. 
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24. (previously presented) The method of Claim 23, wherein the 
challenge/response mechanism requires an aceountholder to provide information 
known only to the aceountholder. 

25. (original) The method of Claim 24, wherein the step of providing the wallet 
account comprises either of the steps of: 

creating the account when making an initial purchase; and 
creating a record in a subscriber database. 

26. (original) The method of Claim 25, wherein subscribers include 
subscribers to any of: 

an online service; and 

an ISP (Internet service provider). 

27. (original) The method of Claim 24, wherein the step of presenting a 
challenge/response mechanism comprises steps of: 

requesting a service from within the account of the first type that is only 
available from within an account of the second type; and 

one time only, prompting the aceountholder to provide the information 
known only to the aceountholder. 

28. (original) The method of Claim 24, wherein the account comprises an 
electronic wallet, the first type comprising a thin wallet wherein the first set of 
services comprises at least one low-risk task requiring a low security level. 

29. (original) The method of Claim 28, wherein the at least one low-risk task 
comprises any of: 

making purchases not exceeding a predetermined purchase amount; 

making transactions using default account information; and 

making purchases at sites requiring only the first level of authentication. 
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30. (original) The method of Claim 28, wherein the second type comprises a 
full wallet and the further rights comprise additional tasks requiring greater 
security than the low level of security. 

31. (original) The method of Claim 30, wherein the additional tasks comprise 

any of: 

editing the default account information; 
editing account preferences; 

making purchases that exceed a predetermined purchase amount; and 
making purchases at sites that require the at least one level of further 
authentication. 

32. (original) The method of Claim 24, further comprising a step of 
authenticating at the first level to gain access to the first account. 

33. (original) The method of Claim 32, wherein authenticating at the first level 
comprises providing a user ID and a first-level password. 

34. (original) The method of Claim 24, wherein the information known only to 
the account holder comprises at least a portion of a credit card number stored in 
the first account. 

35. (original) The method of Claim 24, further comprising steps of: 

if the accountholder doesn't clear the challenge, allowing a predetermined 
number of attempts to enter the information known only to the account holder; 
and 

if the accountholder fails the predetermined number of attempts, allowing 
the accountholder to provide a new credit card number; and 

presenting a challenge based on the new credit card number. 

36. (original) The method of Claim 24, further comprising steps of: 
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configuring the challenge by an account provider, wherein configuring the 
challenge includes: 

specifying information requested by the challenge; and 
specifying a permissible number of response attempts. 

37. (currently amended) The method of Claim 24, wherein the step of 
converting the account comprises steps of: 

creating a said record in a said wallet account database; 

providing notice of a privacy policy; and 

consenting to the privacy policy by the account holder. 

38. (original) The method of Claim 37, wherein the step of converting the 
account further comprises a step of: 

creating a second-level challenge. 

39. (original) The method of Claim 38, wherein the step of creating a second- 
level challenge comprises any of the steps of: 

setting a second-level password; and 

configuring a security question by the accountholder. 

40. (original) The method of Claim 39, wherein the at least one further level of 
authentication required any of the steps of: 

providing the second-level password; and 
clearing the security question. 

41 . (original) The method of Claim 40, further comprising a step of: 
providing a user interface accessible only to holders of accounts of the 

second type to edit account information and preferences. 

42. (original) The method of Claim 41, wherein the account information 
comprises any of: 
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first name; 

middle initial; 

last name; 

credit card type; 

credit card number; 

credit card expiration date; 

billing address; 

city; 

state; 

postal code; 
country; 

daytime phone; and 
evening phone. 

43. (cancelled) 

44. (currently amended) The method of Claim 4S23, further comprising a step 

of: 

providing a wallet server, wherein the wallet server comprises a web 
server having a wallet application running thereon, the wallet server operative to 
pull account information from either the subscriber database or the wallet 
database. 

45. (previously presented) The method of Claim 24, wherein said at least one 
further level of authentication comprises accessing said account from a client 
device previously established as trusted. 

46. (original) The method of Claim 45, wherein establishing a client as trusted 
comprises authentication with a second-level password. 
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47. (original) The method of Claim 45, further comprising a step of 
reestablishing a client as trusted if a trusted state is compromised. 

48. (original) The method of Claim 45, further comprising a step of providing a 
visual indicator of a trusted state. 

49. (original) The method of Claim 45, further comprising a step of providing a 
security controls panel that permits accountholders to manage authentication for 
various online products and sites. 

50. (original) A system for converting an electronic wallet comprising: 
a wallet server; 

a wallet database; 
a subscriber database; 

wherein the wallet server is in communication with the wallet and the 
subscriber databases; and 

a client in communication with the wallet server, wherein a wallet 
accountholder requests services from the wallet server; 

wherein the server includes means for converting the electronic wallet. 

51 . (original) The system of Claim 50, wherein the means for converting the 
electronic wallet comprises a computer program embodied on a tangible 
medium, the computer program including computer code means for: 

providing an account, the account a first account type providing a first set 
of services, the first set of services requiring a first level of authentication; 

presenting the accountholder a one-time challenge/response mechanism; 

and 

if the accountholder clears the challenge, converting the account to a 
second account type for all time. 
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52. (original) The system of Claim 51, wherein the challenge/response 
mechanism requires an accountholder to provide information known only to the 
accountholder; and 

wherein the second account type provides the first set of services plus 
further services associated therewith, the further services requiring at least one 
further level of authentication. 

53. (original) The system of Claim 52, wherein the code means for providing 
the wallet account comprises code means for either of: 

creating the account when making an initial purchase; and 
creating a record in the subscriber database. 

54. (original) The system of Claim 53, wherein subscribers include subscribers 
to any of: 

an online service; and 

an ISP (Internet service provider). 

55. (original) The system of Claim 52, wherein the code means for presenting 
a challenge/response mechanism comprises code means for: 

requesting a service from within the account of the first type that is only 
available from within an account of the second type; and 

one time only, prompting the accountholder to provide the information 
known only to the accountholder. 

56. (original) The system of Claim 52, wherein the account comprises an 
electronic wallet, the first type comprising a thin wallet wherein the first set of 
services comprises at least one low-risk task requiring a low security level. 

57. (original) The system of Claim 56, wherein the at least one low-risk task 
comprises any of: 

making purchases not exceeding a predetermined purchase amount; 
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making transactions using default account information; and 

malting purchases at sites requiring only the first level of authentication. 

58. (original) The system of Claim 56, wherein the second type comprises a 
full wallet and the further rights comprise additional tasks requiring greater 
security than the low level of security. 

59. (original) The system of Claim 58, wherein the additional tasks comprise 
any of: 

editing default account information; 
editing account preferences; 

making purchases that exceed a predetermined purchase amount; and 
making purchases at sites that require the at least one level of further 
authentication. 

60. (original) The system of Claim 52, the program further comprising code 
means for authenticating at the first level to gain access to the first account. 

61. (original) The system of Claim 60, wherein the code means for 
authenticating at the first level includes code means for providing a user ID and a 
first-level password. 

62. (original) The system of Claim 52, wherein the information known only to 
the account holder comprises at least a portion of a credit card number stored in 

the first account. 

63. (original) The system of Claim 52, the program further comprising code 
means for: 

if the accountholder doesn't clear the challenge, allowing a predetermined 
number of attempts to enter the information known only to the account holder; 
and 
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if the accountholder fails tlie predetermined number of attempts, allowing 
the accountholder to provide a new credit card number; and 

presenting a challenge based on the new credit card number. 

64. (original) The system of Claim 52, the program further comprising code 
means for: 

configuring the challenge by an account provider, wherein configuring the 
challenge includes: 

specifying information requested by the challenge; and 
specifying a permissible number of response attempts. 

65. (original) The system of Claim 52, wherein the code means for converting 
the account comprises code means for: 

creating a record in the wallet database; 
providing notice of a privacy policy; and 
consenting to the privacy policy by the account holder. 

66. (original) The system of Claim 65, wherein the code means for converting 
the account further comprises code means for: 

creating a second-level challenge. 

67. (original) The system of Claim 66, wherein the code means for creating a 
second-level challenge comprises code means for any of: 

setting a second-level password 

configuring a security question by the accountholder. 

68. (original) The system of Claim 67, wherein the at least one further level of 
authentication requires any of the steps of: 

providing the second-level password; and 
clearing the security question. 
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69. (original) The system of Claim 68, the program further comprising code 
means for: 

providing a user interface accessible only to holders of accounts of the 
second type to edit account information and preferences. 

70. (original) The system of Claim 69, wherein the account Information 
comprises any of: 

first name; 

middle initial; 

last name; 

credit card type; 

credit card number; 

credit card expiration date; 

billing address; 

city; 

state; 

postal code; 
country; 

daytime phone; and 
evening phone. 

71. (original) The system of Claim 70, wherein the first account type 
comprises a thin wallet, the thin wallet comprising a record in the subscriber 
database, and wherein the second account type comprises a full wallet, the full 
wallet comprising the record in the wallet database, wherein the full wallet is 
initially populated with information from the thin wallet. 

72. (original) The system of Claim 71 , wherein the wallet server comprises a 
web server having the wallet application running thereon, the wallet server 
operative to pull account information from either the subscriber database or the 
wallet database. 
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73. (original) The system of Claim 50, further comprising a second server, 
said second server operative to relay data and requests between said wallet 
server and said subscriber database. 

74. (original) The system of Claim 73, further comprising a router, the router 
operative to link at least a first and a second network, wherein the wallet server 
occupies the first network and wherein the second server and the subscriber 
database occupy the second network. 

75. (original) The system of Claim 74, wherein the wallet database occupies 
said second network. 

76. (original) The system of Claim 52, wherein said at least one further level of 
authentication comprises accessing said account from a client device previously 
established as trusted. 

77. (original) The system of Claim 76, wherein establishing a client as trusted 
comprises authentication with a second-level password. 

78. (original) The system of Claim 76, said application further comprising code 
means for reestablishing a client as trusted if a trusted state is compromised. 

79. (original) The system of Claim 76, said application further comprising code 
means for providing a visual indicator of a trusted state. 

80. (original) The system of Claim 76, said application further comprising code 
means for providing a security controls panel that pemiits accountholders to 
manage authentication for various online products and sites. 
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